Forensic Technology Approaches

English: Digital Forensic Analysis Of The Private Mode Of Browsers On Android Turkish: Android Işletim Sistemli Cihazlarda Özel Modda Çalışan Internet Tarayıcıların Adli Analizi DOI: 0167-4048, 2023, Digital forensic analysis of the private mode of browsers on Android, Centro Singular de Investigación en Tecnoloxías Intelixentes (CiTIUS) Abstract This study concludes results of tests made on various physical and logical (emulated) devices to detect remnants of user credential information kept in file systems of different devices and web browsers, after end of user’s browsing activity. Credentials of users, including usernames and passwords, were stored in keychain files of various web browsers in both Physical and logical devices running Android OS. Tests were ran on both physical and logically emulated Samsung tablet models ran on Android Studio. Following end of browsing, several reset methods were applied to browsers and devices, including hard reset of device. Following co...

Part of the series (2 of 3) Windows artifact analysis. LNK files, also called link lists in some sources, are created automatically by Windows operating system when user interacts with documents, apps and folders. LNK file is also can be described as the list of shortcut files which is shown when user right clicks on the file explorer image on the taskbar, as shown below, as these shortcut files are shown based on latest access time and frequency: As we all know, that list up here is modifiable and limited with recently accessed few files. So how are LNK files can help us from the forensic perspective? Even though user is able to remove that list shown above, Windows still keeps trace of those files and also the list is lot longer that it appears on the taskbar. Complete list of recently accessed files, docs, apps and folders can be found in "C:\Users\%User%\Recent" location, or simply click Windows, type "run" and enter "recent" to the command window.  La...